GroupBlog – Exchange, PowerShell, AD, Outlook etc.

Monthly Archives: May 2013

Finally, here is the continuation of the previous article about Exchange federation trust. We have established the trust between the Microsoft Federation Gateway and our organizations; the next step is to configure the inter-organizational behavior. The result is a mesh-like network in which a 1:1 relationship is established between each pair of organizations.

Prerequisites

The Autodiscover service must be reachable from the internet on at least one CAS server.

EWS must be reachable from the internet on at least one server, and its External URL must match both the name reachable from the internet and the subject name (SN) or a subject alternative name (SAN) of the third-party certificate.

Organization Relationship

Once our organizations trust the MS Federation Gateway, we can use it to create an organization relationship. We run

Get-FederationInformation against the opposite organization's domain and pipe the result into New-OrganizationRelationship. The access level should be the same on both sides of the relationship.
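The whole procedure in the Exchange Management Shell, as an added example that is not part of the original post. The remote domain (contoso.com), the relationship name ("Contoso"), the access levels and the test user (user@fabrikam.com) are assumptions; substitute your own, and agree the access level with the other organization before running it:

```powershell
# Added example, not from the original post. Assumed names: remote organization
# contoso.com, relationship "Contoso", local test user user@fabrikam.com.
# Run in the Exchange Management Shell of your own organization.

# Preflight for the prerequisites above: the EWS External URL and the certificate
# bound to IIS must agree on the name that is reachable from the internet.
Get-WebServicesVirtualDirectory | Select-Object Server, ExternalUrl
Get-ExchangeCertificate | Where-Object { $_.Services -match "IIS" } |
    Select-Object Thumbprint, Subject, CertificateDomains

# Pull the remote organization's federation metadata (its TargetApplicationUri,
# TargetAutodiscoverEpr and federated domains) and create the relationship from it.
# FreeBusyAccessLevel must match what the other side grants to you.
Get-FederationInformation -DomainName contoso.com |
    New-OrganizationRelationship -Name "Contoso" `
        -FreeBusyAccessEnabled $true `
        -FreeBusyAccessLevel LimitedDetails `
        -MailTipsAccessEnabled $true `
        -MailTipsAccessLevel All

# Review what was created, then verify the relationship end to end.
Get-OrganizationRelationship "Contoso" |
    Format-List Name, DomainNames, TargetApplicationUri, TargetAutodiscoverEpr,
                FreeBusyAccessEnabled, FreeBusyAccessLevel

Test-OrganizationRelationship -Identity "Contoso" -UserIdentity user@fabrikam.com -Verbose
```

Test-OrganizationRelationship exercises Autodiscover and EWS on the remote side through the federation trust, so a failure here usually points at one of the two prerequisites rather than at the relationship object itself.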

I created a new admin account to manage an Exchange 2010 SP3 / Office 365 hybrid deployment that uses ADFS (advanced SSO configuration). By default it takes up to 3 hours for newly created or added accounts to be synchronized to Office 365. To force synchronization perform:

Event ID: 6127 – The management agent “SourceAD” completed run profile “Delta Import Delta Sync” with a delta import or delta synchronization step type. The rules configuration has changed since the last full synchronization

Event ID: 6126 – The management agent “TargetWebService” completed run profile “Delta Confirming Import” with a delta import or delta synchronization step type. The rules configuration has changed since the last full import or full synchronization.
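The forced sync and the event-log check that confirms it, as an added example that is not part of the original post. It assumes the DirSync tool is installed on the server you run it from and that its module can be loaded with Import-Module DirSync (otherwise open DirSyncConfigShell.psc1 from the DirSync install folder); the event source name and the admin UPN are assumptions as well:

```powershell
# Added example, not from the original post. Run on the DirSync server, elevated.
# Assumed: the DirSync module is importable by name (if not, start
# "DirSyncConfigShell.psc1" from the DirSync install folder instead).
Import-Module DirSync

# Kick off a delta sync now instead of waiting for the default 3-hour interval.
Start-OnlineCoexistenceSync

# The run takes a moment; then look for the two events quoted above
# (6127 = SourceAD "Delta Import Delta Sync", 6126 = TargetWebService
# "Delta Confirming Import"). Source name "Directory Synchronization" is assumed.
Start-Sleep -Seconds 60
Get-EventLog -LogName Application -Source "Directory Synchronization" -After (Get-Date).AddMinutes(-10) |
    Where-Object { @(6126, 6127) -contains $_.EventID } |
    Sort-Object TimeGenerated |
    Select-Object TimeGenerated, EventID, Message |
    Format-List

# Optional: confirm the new account arrived in Office 365 (needs the MSOnline module;
# admin@contoso.onmicrosoft.com is an assumed UPN).
Import-Module MSOnline
Connect-MsolService
Get-MsolUser -UserPrincipalName admin@contoso.onmicrosoft.com |
    Select-Object UserPrincipalName, LastDirSyncTime, IsLicensed
```

If only 6127 appears and 6126 never follows, the export to the TargetWebService agent did not run; check the same log for errors from the same source before forcing a full sync.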

The rough process is simple, but in my case there was a problem because the customer has an Exchange 2007 / Exchange 2010 coexistence scenario in a single AD site. The OAB had originally been created on Exchange 2003; Exchange 2003 was then replaced by Exchange 2007, Exchange 2007 was kept for business reasons (several mailboxes), and the environment was extended with Exchange 2010 (currently SP3). In this scenario the OAB is missing its ConfiguredAttributes (the property is empty), so the process is as follows:

1. Get info about OAB

The command lists the OAB, including its empty ConfiguredAttributes property.

Get-OfflineAddressBook "Default Offline Address List" | fl

2. Create new OAB to see configured attributes

To make sure users are not disrupted by the change, I created a new OAB on Exchange 2010.

3. List configured attributes

4. Change attributes

To change the attributes, I first read them into a variable and adjusted ThumbnailPhoto,Indicator to ThumbnailPhoto,Value. This physically stores the ThumbnailPhoto data in the OAB. Caution: this can increase network load, because the OAB grows with the number of users who have a photo.

8. Assign OAB to mailboxes

Before:

I chose to assign the OAB per mailbox database. Every mailbox in a database that does not have an explicitly defined OfflineAddressBook parameter inherits the one set on the database. The Exchange Information Store caches this setting, so the change can take up to 2 hours to become visible after it is set on the database. To apply it immediately, dismount and mount the database on which the change must be visible at once. Command:
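Steps 1 to 8 carried through in the Exchange 2010 SP3 Management Shell, as an added example that is not part of the original post. The OAB name ("OAB 2010"), the generation server (EX2010MBX01), the CAS OAB virtual directory (EX2010CAS01) and the database name ("DB01") are assumptions:

```powershell
# Added example, not from the original post. Assumed names: new OAB "OAB 2010",
# generating mailbox server EX2010MBX01, distributing CAS EX2010CAS01, database "DB01".

# 1. Inspect the legacy OAB; in the scenario above ConfiguredAttributes is empty.
Get-OfflineAddressBook "Default Offline Address List" |
    Format-List Name, ConfiguredAttributes, Server, VirtualDirectories

# 2. Create a new OAB on Exchange 2010 so existing users are not disrupted.
New-OfflineAddressBook -Name "OAB 2010" `
    -AddressLists "Default Global Address List" `
    -Server EX2010MBX01 `
    -VirtualDirectories "EX2010CAS01\OAB (Default Web Site)"

# 3. A freshly created OAB carries the default attribute list; each entry has the
#    form "<attribute>,<Indicator|Value|ANR>", e.g. "ThumbnailPhoto,Indicator".
$attrs = (Get-OfflineAddressBook "OAB 2010").ConfiguredAttributes
$attrs

# 4. Switch ThumbnailPhoto from Indicator (a flag that a photo exists) to Value
#    (the photo bytes are stored in the OAB). Only that one entry is rewritten.
$newAttrs = $attrs | ForEach-Object {
    if ($_ -eq "ThumbnailPhoto,Indicator") { "ThumbnailPhoto,Value" } else { $_ }
}
Set-OfflineAddressBook "OAB 2010" -ConfiguredAttributes $newAttrs
Update-OfflineAddressBook "OAB 2010"    # regenerate so the new layout reaches clients

# 8. Assign the OAB per mailbox database; mailboxes without an explicit
#    OfflineAddressBook inherit it from their database.
Get-MailboxDatabase | Select-Object Name, OfflineAddressBook          # before
Set-MailboxDatabase -Identity "DB01" -OfflineAddressBook "OAB 2010"
Get-MailboxDatabase "DB01" | Select-Object Name, OfflineAddressBook    # after

# The Information Store caches the value for up to 2 hours; a dismount/mount
# applies it immediately at the cost of a short outage for mailboxes on DB01.
Dismount-Database "DB01" -Confirm:$false
Mount-Database "DB01"
```

Mailboxes that had OfflineAddressBook set explicitly (Get-Mailbox -Filter { OfflineAddressBook -ne $null }) are not affected by the database setting and must be re-pointed with Set-Mailbox if they should pick up the new OAB too.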

One of our customers runs Exchange 2010 (currently SP3). When I was installing the latest build (SP3, upgrading from SP2 RU5-v2), I ran into problems: the server was inaccessible, Exchange Web Services could not serve clients, PowerShell did not work, and Forefront was crashing and taking the MS Exchange Transport service down with it. I spent several hours troubleshooting; here is the overview and the solution.
Description:

Configuration:

From the start, the server was installed and configured with the following IPs:

LB IP: 192.168.1.120 /24
Production IP:192.168.1.100 /24

and a second production IP address was added later as a requirement of a business application that uses Exchange Web Services.

From IIS point of view:

From the beginning there was only one web site and application pool holding all virtual directories, as shown in the following picture (note the binding settings).

Site bindings for the Default Web Site:

After the business application was added, a new web site with its own application pool was added too (note the binding settings).

Site bindings for the business application's web site:

Process of upgrade:

The upgrade itself went as documented on Microsoft TechNet, but after the server rebooted I lost connectivity to PowerShell and to EWS on the server. I therefore suspected IIS, but how to find the problem?

I checked the bindings and voilà: the localhost binding had been moved from the Default Web Site to the business application's web site.

Bindings on the business application's web site now include localhost:

Bindings on the Default Web Site are missing the localhost record:

Move the localhost binding back to the Default Web Site and restart IIS!
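The check-and-fix from the command line, as an added example that is not part of the original post. It assumes the business application's site is called "Business App Site" and that the "localhost binding" Exchange setup places on the Default Web Site is the 127.0.0.1 address on ports 80 and 443; adjust both to what your IIS Manager shows:

```powershell
# Added example, not from the original post. Assumed: business site name
# "Business App Site"; the localhost binding is 127.0.0.1 on ports 80/443.
# Run elevated on the CAS (IIS 7.x, WebAdministration module).
Import-Module WebAdministration

# List every site's bindings in one table; after the SP3 upgrade the 127.0.0.1
# entries showed up under the business site instead of the Default Web Site.
Get-Website | ForEach-Object {
    $site = $_.Name
    $_.Bindings.Collection | ForEach-Object {
        New-Object PSObject -Property @{ Site = $site; Protocol = $_.protocol; Binding = $_.bindingInformation }
    }
} | Format-Table Site, Protocol, Binding -AutoSize

# Move the localhost bindings back to the site that hosts the Exchange
# virtual directories (PowerShell, EWS, OWA ...).
foreach ($b in @(@{ Protocol = "http"; Port = 80 }, @{ Protocol = "https"; Port = 443 })) {
    Remove-WebBinding -Name "Business App Site" -Protocol $b.Protocol -IPAddress 127.0.0.1 -Port $b.Port
    New-WebBinding    -Name "Default Web Site"  -Protocol $b.Protocol -IPAddress 127.0.0.1 -Port $b.Port
}
# The https binding relies on the HTTP.sys certificate mapping for 127.0.0.1:443,
# which is independent of the site; confirm it still exists:
netsh http show sslcert ipport=127.0.0.1:443

iisreset /noforce

# Verify which site answers on the loopback address: an HTTP 401 means the request
# reached the Exchange virtual directory (it demands authentication); a 404 means
# it landed on a site that has no such path, i.e. the binding is still wrong.
function Test-LoopbackVdir([string]$Url) {
    $req = [System.Net.HttpWebRequest]::Create($Url)
    try {
        $resp = $req.GetResponse(); $code = [int]$resp.StatusCode; $resp.Close()
    } catch [System.Net.WebException] {
        if ($_.Exception.Response) { $code = [int]$_.Exception.Response.StatusCode } else { throw }
    }
    "$Url -> HTTP $code"
}
Test-LoopbackVdir "http://127.0.0.1/PowerShell/"
Test-LoopbackVdir "http://127.0.0.1/EWS/Exchange.asmx"
```

Running the listing before and after the change gives you a record of the binding state for the change ticket, which is easier to compare than two screenshots of IIS Manager.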

Explanation:

There is a logic to how IP addresses are handled in IIS. One basic rule says that a web server can have as many IP addresses as needed, BUT the default one is the one with the lowest number. For example, if I have 3 IP addresses:

192.168.10.10
192.168.10.11
192.168.10.12

the IP address with the highest priority is 192.168.10.10, and in some circumstances the localhost binding can be moved, without notice, to the web site listening on the highest-priority IP address. Note that bindings belong to web sites, not to application pools. It is then quite logical that the PowerShell and OWA virtual directories stopped working over the localhost binding: the newly created web site for the business application contains no such virtual paths.

Conclusion:

Plan for the possibility of extending the server with additional web sites and listeners already in the design phase, and reserve some higher-numbered IP addresses for future needs.

For Exchange 2013, the page file minimum and maximum must both be set to the amount of physical RAM plus 10 MB.

The recommended page file size also accounts for the memory that is needed to collect information if the operating system stops unexpectedly. On 64-bit operating systems, memory can be written as a dump file to the paging file; this file must reside on the boot volume of the server (source: Exchange 2013 System Requirements).
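Applying the rule on a server, as an added example that is not part of the original post. It assumes a single page file on the boot volume C: and applies the RAM + 10 MB figure stated above; it must run elevated, and the new size only takes effect after a reboot:

```powershell
# Added example, not from the original post. Assumed: one page file at C:\pagefile.sys
# (the boot volume); run elevated, then reboot.

# Installed RAM in MB summed over all DIMMs. Win32_ComputerSystem.TotalPhysicalMemory
# reports slightly less because it excludes hardware-reserved memory, which would
# undershoot the "physical RAM + 10 MB" rule.
$ramMB      = [math]::Ceiling(((Get-WmiObject Win32_PhysicalMemory | Measure-Object Capacity -Sum).Sum) / 1MB)
$pageFileMB = $ramMB + 10

# Windows must stop managing the page file before explicit sizes are honoured.
$cs = Get-WmiObject Win32_ComputerSystem
if ($cs.AutomaticManagedPagefile) {
    $cs.AutomaticManagedPagefile = $false
    $cs.Put() | Out-Null
}

# Fixed size: InitialSize == MaximumSize, as the requirement demands.
# WQL needs the backslash doubled inside the filter string.
$pf = Get-WmiObject Win32_PageFileSetting -Filter "Name='C:\\pagefile.sys'"
if (-not $pf) {
    $pf = Set-WmiInstance -Class Win32_PageFileSetting -Arguments @{ Name = "C:\pagefile.sys" }
}
$pf.InitialSize = $pageFileMB
$pf.MaximumSize = $pageFileMB
$pf.Put() | Out-Null

# Review: configured values versus what is currently in use (the latter changes after reboot).
Get-WmiObject Win32_PageFileSetting | Select-Object Name, InitialSize, MaximumSize
Get-WmiObject Win32_PageFileUsage   | Select-Object Name, AllocatedBaseSize
"RAM: $ramMB MB -> page file: $pageFileMB MB (reboot required)"
```

Keep the page file on the boot volume, as the requirement above says; if you move it to another disk, a complete memory dump can no longer be written there.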